summaryrefslogtreecommitdiffstats
path: root/fs/compat_ioctl.c
Commit message (Collapse)AuthorAgeFilesLines
* [COMPAT] net: SIOCGIFCONF data corruptionAlexandra Kossovsky2005-11-201-5/+3
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | From: Alexandra Kossovsky <Alexandra.Kossovsky@oktetlabs.ru> From http://bugzilla.kernel.org/show_bug.cgi?id=4746 There is user data corruption when using ioctl(SIOCGIFCONF) in 32-bit application running amd64 kernel. I do not think that this problem is exploitable, but any data corruption may lead to security problems. Following code demonstrates the problem #include <stdint.h> #include <stdio.h> #include <sys/time.h> #include <sys/socket.h> #include <net/if.h> #include <sys/ioctl.h> char buf[256]; main() { int s = socket(AF_INET, SOCK_DGRAM, 0); struct ifconf req; int i; req.ifc_buf = buf; req.ifc_len = 41; printf("Result %d\n", ioctl(s, SIOCGIFCONF, &req)); printf("Len %d\n", req.ifc_len); for (i = 41; i < 256; i++) if (buf[i] != 0) printf("Byte %d is corrupted\n", i); } Steps to reproduce: Compile the code above into 32-bit elf and run it. You'll get Result 0 Len 32 Byte 48 is corrupted Byte 52 is corrupted Byte 53 is corrupted Byte 54 is corrupted Byte 55 is corrupted Signed-off-by: Andrew Morton <akpm@osdl.org> Signed-off-by: David S. Miller <davem@davemloft.net>
* [COMPAT]: EXT3_IOC_SETVERSION is _IOW() not _IOR().David S. Miller2005-11-181-1/+1
| | | | | | Noticed by Helge Deller. Signed-off-by: David S. Miller <davem@davemloft.net>
* [COMPAT]: Add ext3 ioctl translations.David S. Miller2005-11-171-0/+36
| | | | | | | | So things like on-line resizing et al. work. Based almost entirely upon a patch by Guido Günther <agx@sigxcpu.org> Signed-off-by: David S. Miller <davem@davemloft.net>
* [DVB]: Add compat ioctl handling.David S. Miller2005-11-161-0/+133
| | | | | | | | | Based upon a patch by Guido Guenther <agx@sigxcpu.org>. Some of these ioctls had embedded time_t objects or pointers, so needed translation. Signed-off-by: David S. Miller <davem@davemloft.net>
* [PATCH] fbdev: move ioctl32 code to fbmem.cArnd Bergmann2005-11-091-143/+0
| | | | | | | | | | The frame buffer layer already had some code dealing with compat ioctls, this patch moves over the remaining code from fs/compat_ioctl.c Signed-off-by: Arnd Bergmann <arnd@arndb.de> Signed-off-by: Antonino Daplas <adaplas@pol.net> Signed-off-by: Andrew Morton <akpm@osdl.org> Signed-off-by: Linus Torvalds <torvalds@osdl.org>
* [PATCH] re-add TIOCSTART and TIOCSTOP compat_ioctl handlersChristoph Hellwig2005-11-091-0/+10
| | | | | | | | | | We don't implement these ioctls, but some architectures define them in the headers. Bash picks them up and issues them frequently. Add compat_ioctl handlers to silence warnings about unhandled copat ioctls. Signed-off-by: Christoph Hellwig <hch@lst.de> Signed-off-by: Andrew Morton <akpm@osdl.org> Signed-off-by: Linus Torvalds <torvalds@osdl.org>
* [PATCH] kfree cleanup: fsJesper Juhl2005-11-071-1/+2
| | | | | | | | | | This is the fs/ part of the big kfree cleanup patch. Remove pointless checks for NULL prior to calling kfree() in fs/. Signed-off-by: Jesper Juhl <jesper.juhl@gmail.com> Signed-off-by: Andrew Morton <akpm@osdl.org> Signed-off-by: Linus Torvalds <torvalds@osdl.org>
* [PATCH] TIOC* compat ioctl handlingChristoph Hellwig2005-10-301-0/+4
| | | | | | | | | | | | | | | | TIOCSTART and TIOCSTOP are defined in asm/ioctls.h and asm/termios.h by various architectures but not actually implemented anywhere but in the IRIX compatibility layer, so remove their COMPATIBLE_IOCTL from parisc, ppc64 and sparc64. Move the TIOCSLTC COMPATIBLE_IOCTL to common code, guided by an ifdef to only show up on architectures that support it (same as the code handling it in tty_ioctl.c), aswell as it's brother TIOCGLTC that wasn't handled so far. Signed-off-by: Christoph Hellwig <hch@lst.de> Signed-off-by: Andrew Morton <akpm@osdl.org> Signed-off-by: Linus Torvalds <torvalds@osdl.org>
* [PATCH] usb: Patch for USBDEVFS_IOCTL from 32-bit programsPete Zaitcev2005-10-281-0/+1
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Dell supplied me with the following test: #include<stdio.h> #include<errno.h> #include<sys/ioctl.h> #include<fcntl.h> #include<linux/usbdevice_fs.h> main(int argc,char*argv[]) { struct usbdevfs_hub_portinfo hubPortInfo = {0}; struct usbdevfs_ioctl command = {0}; command.ifno = 0; command.ioctl_code = USBDEVFS_HUB_PORTINFO; command.data = (void*)&hubPortInfo; int fd, ret; if(argc != 2) { fprintf(stderr,"Usage: %s /proc/bus/usb/<BusNo>/<HubID>\n",argv[0]); fprintf(stderr,"Example: %s /proc/bus/usb/001/001\n",argv[0]); exit(1); } errno = 0; fd = open(argv[1],O_RDWR); if(fd < 0) { perror("open failed:"); exit(errno); } errno = 0; ret = ioctl(fd,USBDEVFS_IOCTL,&command); printf("IOCTL return status:%d\n",ret); if(ret<0) { perror("IOCTL failed:"); close(fd); exit(3); } else { printf("IOCTL passed:Num of ports %d\n",hubPortInfo.nports); close(fd); exit(0); } return 0; } I have verified that it breaks if built in 32 bit mode on x86_64 and that the patch below fixes it. Signed-off-by: Pete Zaitcev <zaitcev@redhat.com> Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
* [PATCH] Lost sockfd_put() in routing_ioctl()Kirill Korotaev2005-09-091-2/+5
| | | | | | | | | This patch adds lost sockfd_put() in 32bit compat rounting_ioctl() on 64bit platforms Signed-Off-By: Kirill Korotaev <dev@sw.ru> Signed-Off-By: Maxim Giryaev <gem@sw.ru> Signed-off-By: Linus Torvalds <torvalds@osdl.org>
* Linux-2.6.12-rc2v2.6.12-rc2Linus Torvalds2005-04-161-0/+3082
Initial git repository build. I'm not bothering with the full history, even though we have it. We can create a separate "historical" git archive of that later if we want to, and in the meantime it's about 3.2GB when imported into git - space that would just make the early git days unnecessarily complicated, when we don't have a lot of good infrastructure for it. Let it rip!
OpenPOWER on IntegriCloud